CVE-2023-32985

2023-05-1616:15:11

CWE-22

[email protected]

web.nvd.nist.gov

jenkins

sidebar link plugin

cve-2023-32985

security vulnerability

file path restriction

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.9%

JSON

Jenkins Sidebar Link Plugin 2.2.1 and earlier does not restrict the path of files in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.

Affected configurations

NVD

Node

jenkinssidebar_linkRange≤2.2.1jenkins

CPENameOperatorVersion
jenkins:sidebar_linkjenkins sidebar linkle2.2.1

CPE	Name	Operator	Version
jenkins:sidebar_link	jenkins sidebar link	le	2.2.1

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Jenkins Sidebar Link Plugin",
    "vendor": "Jenkins Project",
    "versions": [
      {
        "lessThanOrEqual": "2.2.1",
        "status": "affected",
        "version": "0",
        "versionType": "maven"
      }
    ]
  }
]